Unrestricted API keys were always secrets. They are created on a page called "Keys & Credentials". The fact that Google even allows unrestricted keys to be created has been a long standing security problem. The fact their docs encouraged it remains unforgivable.

▲

abustamam 26 minutes ago | parent | next [-]

I can maybe understand unrestricted keys (OK, I can't, to be honest).

But the fact that permissions are not hardened at time of creation is bonkers to me.

▲

ceejayoz 3 hours ago | parent | prev [-]

Public keys are a thing in computing, though?

Google Maps has one, even. And Stripe.

	▲	abustamam 29 minutes ago \| parent [-]
		It's been a while since I've used stripe but don't their keys start with sk_ for secret and pk_ for public? I like that. Easy to tell if you should keep the key a secret or not.